Jason Gurtz wrote: > On 9/30/2004 13:45, Jim McCullars wrote: >> >> On Thu, 30 Sep 2004, Stephen J Smoogen wrote: >> >>>> about 10 or so that are commonly used to send mail bombs. .vcf >>>> isn't one of them. >>> >>> Which 10? >> >> Well, at the risk of exposing by backside: > > Can't remember what the default are but I've added a couple here and > there. Here's what I use (Perl string concatenated for email > readability): > > $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|' . > 'dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|' . > > 'mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|' . > > 'shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|' . > 'wsh|\{[^\}]+\})'; >
Here's mine, since we're sharing The first chunk is the default The second is my additions I'm considering removing jpg and jpeg once either (a) I'm convinced the GDI+ update has been widely applied (b) ClamAV 0.8 is released so I can use their Exploit.JPEG antivirus definition my @bad = qw( ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp hta hto inf ini ins isp js jse lib lnk mdb mde msc msi msp mst ocx pcd pif prg reg scr sct sh shb shs sys url vb vbe vbs vcs vxd wmd wms wmz wsc wsf wsh htm html zip rar sit cpt hqx jpg jpeg ); my $bad_exts = "(" . join("|", @bad, "\{[^\}]+\}") . ")"; It's rather extreme, I know... but I do a pre-scan for known virii with clamav-milter, which catches most of the well-established viruses that have known definitions. Also I have a streamlined unquarantining mechanism that just takes a few seconds for the mail admin. [EMAIL PROTECTED] 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg," _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang